Tag: Auto SSL Let’s Encrypt

If you are running cPanel & WHM version 58.0.17 or above (the EDGE or CURRENT tiers right now), you can now install the plugin using the command line by running this command:

/scripts/install_lets_encrypt_autossl_provider

Running that script will add cPanel’s repo file and make sure the plugin is up to date, which will add it as a provider to the AutoSSL feature introduced in 58. If you want to enable it after you add it to the server, you will need to do so from WHM.

Domain and rate limits

The AutoSSL feature includes the following limitations and conditions:

Each AutoSSL provider may have a specific domain rate limit. For example:

Certificates that cPanel, Inc. provides through AutoSSL can secure a maximum of 200 domains per virtual host.

Certificates that Let’s Encrypt™ provides can secure a maximum of 100 domains per virtual host.

AutoSSL will only include domains and subdomains that pass a Domain Control Validation (DCV) test, which proves ownership of the domain.

AutoSSL will not attempt to replace pre-existing valid certificates that expire in more than three days.

Because the system adds the /etc/cron.d/cpanel_autossl cron daemon task to schedule the automatic provisioning of certificates, you may experience a delay between when you enable the feature and the installation of certificates. The interface displays the next time that the script will run.

AutoSSL will attempt to renew its provided certificates when they expire within 29 days. However, due to rate limits, AutoSSL prioritizes new certificates over the renewal of existing certificates.

The system restarts Apache after AutoSSL provisions and installs certificates for all accounts during a nightly run.

Run AutoSSL

Click Run AutoSSL for all users at the top of the interface to run the AutoSSL feature for all users with the feature enabled.

To run the AutoSSL feature for a single user, click the user’s Check button in the Run AutoSSL Check column of the table.

Review log files

To review AutoSSL log files, perform the following steps:

Click the Logs tab.

Select the log that you wish to view from the menu, and click View Selected Log.

Click Refresh Logs List to refresh the list of log files.

The system stores the log files in both text and JSON format in the /var/cpanel/logs/autossl directory.

Frequently Asked Questions

How do I revoke a certificate?

We do not support the revocation of certificates through cPanel & WHM at this time.

Let’s Encrypt will only issue a certificate five times per week to a specific set of domains before it blocks any further certificates for that set of domains.

To work around this rate limitation, create an alias to a domain in the virtual host list (website) so that Let’s Encrypt interprets the virtual host as a new set of domains.

Is Manage AutoSSL available for cPanel & WHM version 56?

That version of cPanel & WHM does not support deferred Apache and Dovecot configuration restarts, which results in unacceptable downtime and a poor customer experience. As such, we will not make the plugin available for version 56.